Re: tcpd with xinetd
--On Sat, Jul 4, 1998 4:38 pm -0400 "Norbert Veber" <nveber@vtech.ddns.org>
wrote:
>> Now, how can I allow access from *.utwente.nl to my host? Or from *.nl?
As
>> I read the above paragraph, this is something xinetd can't do. With tcpd,
>> one can allow access from *.student.utwente.nl while denying access from
>> the rest of *.utwente.nl, with only two (obvious) lines. In xinetd.conf,
>> this would be a lot more difficult since *.utwente.nl is 130.89.0.0 -
>> 130.89.255.255 and *.student.utwente.nl is 130.89.220.0 - 130.89.234.255.
>>
>> And how would I allow access to a particular service from *.nl while
>> denying access to that server from the rest of the world? This may seem
>> senseless, but AFAIK it's something xinetd can not easily do.
>
> Ahh you are right, I guess I should have read the whole thing before
saying
> that :) What you can do is do ip matching, ie ionline.net is 207.6.175.x
so
> if you want to deny/allow access to ionline.net, you would put 207.6.175.0
> ni xinetd.conf. It does say that hostnames are supported, but doesnt say
> anything about using wildcards, *.ionline.net probably would not work.
This
> can probably be done with /etc/networks, but this is undocumented for the
> moment.
Just to clear up that little point -
What you are describing could not be done with /etc/networks, which is about
IP networks - i.e. things like 207.6.175.*, not domain masks.
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | jules@debian.org | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: